Dear XML Working Group,
I have to solve the following problem with the Enveloped Signature Transform.
According to the definition of the here() function and XPATH predicate defined in
http://www.w3.org/Signature/Drafts/xmldsig-core/#sec-EnvelopedSignature
subchapter, it is clear that enveloped signature signs/verifies "all" but not self.
Is it also possible to sign/verify the same XML document by using more than one enveloped signatures?
Example:
<test:a ...>
...
<ds:Signature ... >...</ds:Signature> <!-- first signature refers to test:a -->
<ds:Signature ... >...</ds:Signature> <!-- second signature refers also to test:a -->
</test:a>
Both of these signatures contain enveloped transform and refer to the same "test:a" element.
According to the specification the first signature should sign the second one and the second one should sign the first.
The same problem arise during verification phase. Is there any reccomendation for this case?
Regards
Pavel
Pavel Zavora
Software Developer, Systinet (formerly Idoox)
http://www.systinet.com